Maximum Password Age Set Too High or Unlimited

ID: max-password-age-too-high

Severity: medium

Author: princechaddha

Tags: policy,code,windows-audit

Description

Checks if the maximum password age allows passwords to be used indefinitely.

YAML Source

id: max-password-age-too-high

info:
  name: Maximum Password Age Set Too High or Unlimited
  author: princechaddha
  severity: medium
  description: Checks if the maximum password age allows passwords to be used indefinitely.
  impact: |
    Allowing long or unlimited password lifetimes increases the risk of compromised credentials.
  remediation: |
    Set a reasonable maximum password age to force regular password changes.
  tags: policy,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - cmd
    args:
      - /c
    pattern: "*.cmd"
    source: |
      net accounts

    matchers:
      - type: word
        words:
          - "Maximum password age (days):                          0"
# digest: 4b0a004830460221009dd39474124d2a7b9d6be0e092610f8fe4d3f62fab7496062dff69edf290a984022100afdbcc717b11761d91ef8e9edfdfa22b31ee564cffcf2e1c237655f3c2abca5f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "code/windows/audit/max-password-age-too-high.yaml"

View on Github